Microsoft, Linux vendors slow to fix flaw

Colin Percival detailed the vulnerability -- which affects versions of Intel's CPU that use a technology called hyper-threading -- at a conference on May 13.

The vulnerability could allow hackers to steal sensitive information such as passwords on servers configured to allow multiple users to log in simultaneously.

The FreeBSD security team member has received formal responses to the issue from the makers of the BSD family of open-source operating systems, as well as SCO and Ubuntu Linux. However, Linux vendors Red Hat, Novell and Mandriva as well as Microsoft have been slow to act.

"Given that I reported this problem in early March, I really think that they [Microsoft and Linux vendors] should have had a patch over a month ago -- in time to test it extensively before releasing it on May 13th," Percival told ZDNet Australia.

"I made it quite clear to everyone that I would be releasing my paper on that date and that they should make sure they were ready by then," he added.

Although the problem only affects multi-user servers, these machines are widely used. "The most obvious example is shared Web servers, which constitutes the vast majority of small e-commerce sites," he said. "On these systems the flaw is very serious."
